Defeating Overflow Attacks - orkspace.net

More documents

Recommendations

Info

Table of Contents 1 Introduction 3 2 Buffers and Overflows 4 3 The Stack Segment 5 3.1 PUSH and POP - Using the stack to store data 5 3.2 CALL and RET - Changing the flow of an application 7 4 Procedure Calling Convention 8 4.1 IA-32 Standard Calling Convention 8 4.2 Example 9 5 Overflow Attacks 10 6 Defeating Overflow Attacks 12 6.1 Enforcing buffer size limitations 12 6.2 Stack validation 12 6.3 Transfer Responsibility 15 7 Conclusion 15 Appendix A: References 16 Appendix B: Source Code Examples 17 Appendix C: Length Enforcing Procedures 30 Jason Deckard GIAC GSEC p. 2
Abstract Buffer overflow attacks are detectable and preventable. This paper describes what a buffer overflow attack is and how to protect applications from an attack. 1 Introduction Buffer overflows are a frequent source of security vulnerabilities that can allow an attacker to take control of information systems. According to the National Institute of Standards and Technology, 23% of the vulnerabilities reported in 2003 were related to buffer overflow attacks. (icat.nist.gov) Buffer overflows are the result of trying to cram more information into a buffer than it was meant to hold. When this happens, the information that doesn't fit is written to areas of memory outside the buffer. Sometimes the memory overwritten by the excess information is reserved for other purposes. A skilled attacker who can accurately predict what is overwritten when a buffer overflows has the opportunity to take control of the program. Fortunately, attempts to exploit buffer overflows can be detected and prevented. By ensuring a buffer is never filled beyond its limits, or by testing for unexpected changes in a program's environment, overflow attacks can be thwarted. The issue of buffer overflows and the various ways to address it are of most use to those who develop applications. Consequently, programmers are the intended audience of this paper. The reader is assumed to be familiar with structured programming languages. Although the details in this paper focus largely on the C programming language and the Intel IA-32 architecture, the concepts presented are applicable to many programming environments. Jason Deckard GIAC GSEC p. 3
Page 1: Defeating Overflow Attacks GSEC Pra
Page 5 and 6: 3 The Stack Segment The stack segme
Page 7 and 8: 3.2 CALL and RET - Changing the flo
Page 9 and 10: then restored by popping it off the
Page 11 and 12: yte buffer meant to hold the key. T
Page 13 and 14: et address base pointer canary buff
Page 15 and 16: uffer, it may be possible for the a
Page 17 and 18: Appendix B: Source Code Examples Th
Page 19 and 20: "\x68\x68\x2F\x62\x69\x6E\x89\xE3"
Page 21 and 22: B.2.2 Attack Nearly identical to th
Page 23 and 24: d = crypt( global_key, local_salt )
Page 25 and 26: B.3.3 Known Value Attack When the c
Page 27 and 28: for ( bytes_read = 0; bytes_read <
Page 29 and 30: mov eax, 0xFFFFFFFF sub eax, 0xFFFF

Defeating Overflow Attacks - orkspace.net

Create successful ePaper yourself

Delete template?

Save as template?